> I am hoping that someone can clear this up for me.
>
> The tls1_PRF() function uses both the md5 and sha1 algorithms to generate
> pseudo-random data. Since this function is used for TLS key derivation, is
> the md5 algorithm allowed for key derivation while operating in FIPS mode?
MD5 is not allowed for key derivation in FIPS mode where the security of the key derivation depends upon the security of MD5. However, for TLS, the security of the key derivation does not depend upon the security of MD5 because the MD5 information is combined with the full SHA1 hash.

> If it is OK, I am curious how this is handled. With FIPS mode enabled, is
> the SSL library itself allowed to call non-FIPS algorithms? The reason I
> ask is that I notice the SSL library doesn't necessarily check return values.

From a compliance standpoint, anyone can use non-FIPS algorithms in FIPS mode. However, you must assume that no security of any kind is provided by these algorithms. I'm not precisely sure how OpenSSL implements this internally from a technical standpoint.

DS
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]